viktor wrote:What should I do to prevent people from using bruteforce trying to guess people's passwords? There's currently no "You've entered 5 wrong passwords please wait 5 minutes" for example?Thanks.

That would be a slow brute force attack since it requires packet exchanges across the internet for each try. But you could always implement your own login system from a web page.